This invention relates to verification of software agents and their activities, and particularly to verification of software agents and their activities in a distributed computing environment.
In information-intensive computing environments, users tend both to be subject to information overload and to consume computing resources inefficiently. Toward alleviating such overload and inefficiency, software programmers have constructed programs commonly known as software agents. Indeed, software agents are well-known user tools.
Typically, software agents are entrusted to accomplish one or more tasks, e.g., on behalf of a user. As an example, some software agents are entrusted to search, filter, analyze and assign priorities to information. As another example, some software agents are entrusted with sensitive tasks and associated information, such as banking tasks and associated account information, e-commerce tasks and associated credit card information, and other transactions with trade secret or trade sensitive information.
Toward accomplishing tasks, software agents typically exercise the computing environment, e.g., to obtain services managed by servers and/or to interact with other agents. Under such conditions, a software agent is variously subject to corruption. As an example, a software agent can be rendered corrupting (e.g., made malicious) such as by changing its code to incorporate a virus or to provide other undesirable functionality. An agent corrupted by a virus typically is enabled to spread the virus in the computing environment (e.g., to servers) and/or to other agents with which it interacts.
As another example, a software agent can itself be corrupted, such as by a change in its code as to either an entrusted task or task-associated information. In the case of an agent entrusted with a bank transfer task, the agent is corrupted if its code is changed to alter the nature or amount of the transfer.
As yet another example, the software agent is without corruption, but the agent is functionally/indirectly corrupted by malicious operation within a part of the environment being exercised. To illustrate this example, an agent entrusted with a bank transfer task likely will carry information requesting that the transfer be of a fixed amount and be effected from a first account to a second account. However, the agent can be corrupted by maliciousness present in the transfer server itself. The agent's corruption in this case can be a change in the task's implementation, such as by (i) transferring a different amount or (ii) directing the amount to a third account, or (ii) both. The agent's corruption is compounded if accompanied by false reporting--to or through the agent, or otherwise--that the requested task was properly implemented.
Agent corruption generally is insufficiently protected via encryption techniques. That is, while encryption techniques can verify the origin of a software agent, these techniques typically have limited capability to deter corruption. In particular, encryption techniques generally fall short in deterring agent corruption if such corruption can occur prior to encryption or after decryption.
Accordingly, there is need in the art for methods and apparatus that verify software agents and their activities in a distributed computing environment. In particular, there is a need for such methods and apparatus where malicious operation may be present in the environment.